From: Randy Bush
Message-ID: <16744.49671.348105.73667@ran.psg.com>
Date: Sat, 9 Oct 2004 22:00:55 -0700
To: Joe Marcus Clarke
cc: freebsd-gnome@freebsd.org
Subject: Re: Gnome2 hangs on startup
List-Id: GNOME for FreeBSD -- porting and maintaining

> If you firewall off TCP and UDP 111, and only allow local hosts to
> connect (maybe _just_ localhost) you should never have a problem with
> it.

well, as a security friend sez

    One more thing: if you're running rpcbind, you're presumably
    running some other service that talks to it.  You need to block
    its port(s), too.

so, what else needs blocking?

and, btw, you can't just block 111 from non-127/8.  you could get
an attack toward your 127/8.  you need to block 127/8 after
allowing lo0.

and that's why i hate this stuff.

randy
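
The question raised in the message above ("what else needs blocking?") can be answered from the rpcbind registrations themselves. This is an added example, not part of the original message: it parses `rpcinfo -p` style output and emits ipfw rules in the order the message calls for (allow lo0, then deny 127/8, then deny the RPC ports). The sample output, the function names and the choice of ipfw are assumptions made for illustration.

```python
# Added example: derive the "what else needs blocking?" list from rpcinfo -p.
# SAMPLE_RPCINFO is constructed for illustration, not captured from a real host.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100005    3   udp    792  mountd
    100005    3   tcp    792  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100024    1   udp    987  status
"""


def registered_ports(rpcinfo_text):
    """Return {(proto, port): set of service names} for every registration."""
    ports = {}
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port [service]; skip header/junk.
        if len(fields) < 4 or not fields[0].isdigit() or not fields[3].isdigit():
            continue
        proto, port = fields[2], int(fields[3])
        if proto not in ("tcp", "udp"):
            continue
        name = fields[4] if len(fields) > 4 else fields[0]
        ports.setdefault((proto, port), set()).add(name)
    return ports


def ipfw_rules(ports, loopback_if="lo0"):
    """Emit rules in the order the message requires: lo0, then 127/8, then RPC."""
    rules = [
        f"add allow ip from any to any via {loopback_if}",
        "add deny ip from any to 127.0.0.0/8",   # spoofed loopback destination
        "add deny ip from 127.0.0.0/8 to any",   # spoofed loopback source
    ]
    by_port = sorted(ports.items(), key=lambda kv: (kv[0][1], kv[0][0]))
    for (proto, port), names in by_port:
        label = ", ".join(sorted(names))
        rules.append(f"add deny {proto} from any to any {port} in  # {label}")
    return rules


if __name__ == "__main__":
    for rule in ipfw_rules(registered_ports(SAMPLE_RPCINFO)):
        print("ipfw", rule)
```

Ports that services such as mountd and status obtain from rpcbind can change when the daemon restarts, so the list has to be regenerated after a restart or the services pinned to fixed ports.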